Usually one issue with making that software read-only is that it is the development system RACF database that defines it as read-only. Hence the production system has to trust the security of the development system. Many security professionals would baulk at this.
Or maybe you were thinking of making it read-only at the hardware level? Lennie -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Paul Gilmartin Sent: 14 June 2023 19:59 To: [email protected] Subject: Re: Unix file system ownership On Wed, 14 Jun 2023 19:42:32 +0100, Lennie Dymoke-Bradshaw wrote: > ... >I can understand completely why the environments of Development and >Production should have different RACF databases. What I fail to >understand is why they are then sharing the DASD. > Would sneakernet be better? There are valid reasons for making production utilities, though not data, available, read only, on Development and Test systems. Are the production TSO IDs similarly not defined or unavailable on the Development system? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
